Differences
Below are the differences between two revisions of the page.
fr:cas [2012/06/06 17:14] – [LDAP] fraggle | fr:cas [2021/12/27 18:23] (current version) – external edit 127.0.0.1 | ||
---|---|---|---|
Ligne 64: | Ligne 64: | ||
<code bash> | <code bash> | ||
- | ====== Installation certificat | + | ====== Installation certificat |
Procédure d' | Procédure d' | ||
Ligne 532: | Ligne 532: | ||
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions | # This properties file brings together the common options for LDAP authentication rather than editing the bean definitions | ||
# | # | ||
- | ldap.authentication.allowGuestLogin=true | + | ldap.authentication.allowGuestLogin=false |
# How to map the user id entered by the user to that passed through to LDAP | # How to map the user id entered by the user to that passed through to LDAP | ||
# - simple | # - simple | ||
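Review bot: the new `ldap.authentication.allowGuestLogin=false` line changes who can log in, yet nothing in this hunk records why. Add a one-line comment above it stating that guest login is disabled on purpose, so a later edit does not flip it back to `true` while troubleshooting LDAP binds.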
Ligne 543: | Ligne 543: | ||
# be performed to resolve the DN dynamically. This allows directories to be structured and doesn' | # be performed to resolve the DN dynamically. This allows directories to be structured and doesn' | ||
# appear in the DN. | # appear in the DN. | ||
- | ldap.authentication.userNameFormat=uid=%s, | + | ldap.authentication.userNameFormat= |
# The LDAP context factory to use | # The LDAP context factory to use | ||
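Review bot: the emptied `ldap.authentication.userNameFormat=` line has no note explaining that a blank value is intentional. According to the comment just above it, a search is then "performed to resolve the DN dynamically", so login now depends on the search base and bind settings added in the synchronization block of this same change. Put a short comment next to the empty value saying so, and make clear that the two changes must be deployed together.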
Ligne 565: | Ligne 565: | ||
# Comma separated list of user names who should be considered administrators by default | # Comma separated list of user names who should be considered administrators by default | ||
- | ldap.authentication.defaultAdministratorUserNames=jbenoit | + | ldap.authentication.defaultAdministratorUserNames= |
# This flag enables use of this LDAP subsystem for user and group | # This flag enables use of this LDAP subsystem for user and group | ||
# synchronization. It may be that this subsytem should only be used for | # synchronization. It may be that this subsytem should only be used for | ||
# authentication, | # authentication, | ||
- | ldap.synchronization.active=false | + | ldap.synchronization.active=true |
+ | |||
+ | # The authentication mechanism to use for synchronization | ||
+ | ldap.synchronization.java.naming.security.authentication=simple | ||
+ | |||
+ | # The default principal to use (only used for LDAP sync) | ||
+ | ldap.synchronization.java.naming.security.principal=cn=System Administrator-admin, | ||
+ | |||
+ | # The password for the default principal (only used for LDAP sync) | ||
+ | ldap.synchronization.java.naming.security.credentials=password | ||
+ | |||
+ | # If positive, this property indicates that RFC 2696 paged results should be | ||
+ | # used to split query results into batches of the specified size. This | ||
+ | # overcomes any size limits imposed by the LDAP server. | ||
+ | ldap.synchronization.queryBatchSize=100 | ||
+ | |||
+ | # If positive, this property indicates that range retrieval should be used to fetch | ||
+ | # multi-valued attributes (such as member) in batches of the specified size. | ||
+ | # Overcomes any size limits imposed by Active Directory. | ||
+ | ldap.synchronization.attributeBatchSize=100 | ||
+ | |||
+ | # The query to select all objects that represent the groups to import. | ||
+ | ldap.synchronization.groupQuery=(objectclass=posixGroup) | ||
+ | |||
+ | # The query to select objects that represent the groups to import that have changed since a certain time. | ||
+ | ldap.synchronization.groupDifferentialQuery=(& | ||
+ | |||
+ | # The query to select all objects that represent the users to import. | ||
+ | ldap.synchronization.personQuery=(objectclass=inetOrgPerson) | ||
+ | |||
+ | # The query to select objects that represent the users to import that have changed since a certain time. | ||
+ | ldap.synchronization.personDifferentialQuery=(& | ||
+ | # The group search base restricts the LDAP group query to a sub section of tree on the LDAP server. | ||
+ | ldap.synchronization.groupSearchBase=dc\=asso-ckt, | ||
+ | |||
+ | # The user search base restricts the LDAP user query to a sub section of tree on the LDAP server. | ||
+ | ldap.synchronization.userSearchBase=dc\=asso-ckt, | ||
+ | |||
+ | # The name of the operational attribute recording the last update time for a group or user. | ||
+ | ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp | ||
+ | |||
+ | # The timestamp format. Unfortunately, | ||
+ | ldap.synchronization.timestampFormat=yyyyMMddHHmmss' | ||
+ | |||
+ | # The attribute name on people objects found in LDAP to use as the uid in Alfresco | ||
+ | ldap.synchronization.userIdAttributeName=uid | ||
+ | |||
+ | # The attribute on person objects in LDAP to map to the first name property in Alfresco | ||
+ | ldap.synchronization.userFirstNameAttributeName=givenName | ||
+ | |||
+ | # The attribute on person objects in LDAP to map to the last name property in Alfresco | ||
+ | ldap.synchronization.userLastNameAttributeName=sn | ||
+ | |||
+ | # The attribute on person objects in LDAP to map to the email property in Alfresco | ||
+ | ldap.synchronization.userEmailAttributeName=mail | ||
+ | |||
+ | # The attribute on person objects in LDAP to map to the organizational id property in Alfresco | ||
+ | ldap.synchronization.userOrganizationalIdAttributeName=o | ||
+ | |||
+ | # The default home folder provider to use for people created via LDAP import | ||
+ | ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider | ||
+ | |||
+ | # The attribute on LDAP group objects to map to the authority name property in Alfresco | ||
+ | ldap.synchronization.groupIdAttributeName=cn | ||
+ | |||
+ | # The attribute on LDAP group objects to map to the authority display name property in Alfresco | ||
+ | ldap.synchronization.groupDisplayNameAttributeName=description | ||
+ | |||
+ | # The group type in LDAP | ||
+ | ldap.synchronization.groupType=posixGroup | ||
+ | |||
+ | # The person type in LDAP | ||
+ | ldap.synchronization.personType=inetOrgPerson | ||
+ | # The attribute in LDAP on group objects that defines the DN for its members | ||
+ | ldap.synchronization.groupMemberAttributeName=memberUid | ||
+ | |||
+ | # If true progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries. | ||
+ | ldap.synchronization.enableProgressEstimation=true | ||
--- >8 --- | --- >8 --- | ||
</ | </ | ||
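Review bot: `ldap.synchronization.java.naming.security.credentials=password` puts the sync account's bind password in clear text on a wiki page, next to a principal that starts with `cn=System Administrator-admin,`. Replace the value with an obvious placeholder in the documentation, bind with a dedicated read-only account for the sync queries, and keep the properties file readable only by the Alfresco service user. With `ldap.synchronization.java.naming.security.authentication=simple` that password is sent as-is on the bind, so the provider URL (not visible in this hunk) should be `ldaps://` or otherwise TLS-protected.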
Ligne 577: | Ligne 654: | ||
service alfresco restart | service alfresco restart | ||
</ | </ | ||
+ | |||
+ | |||